CYBER BLOG: Incident Handling

Businesses spend a lot of time and money putting emergency procedures into place, for example fire and emergency procedures. Your employees know where to go if the fire alarm sounds. However, would they know what to do if there was a cyber security attack? Would they know who to contact or what procedures to follow? Have you considered how to protect your business from this type of incident?

Incident handling for your computer system is crucial if you want to keep your data safe and your clients' trust. The types of security threats that should be considered include, but are not limited to, denial of service attacks, hoaxes, malware, fraud, unauthorised access, insider threats and phishing attacks.

The main steps to follow for a Computer Security Incident Handling Procedure are highlighted below:

Firstly, procedures need to be put in place so employees know who to contact and what they should do. An incident handling team should be created so employees know what their roles are in such an emergency. In addition, define which tools should be used to handle an incident. Good preparation will help limit the potential damage that could be caused.

Secondly, the threat needs to be identified and the incident impact needs to be assessed. If any customers are affected by the incident they must be alerted. The correct way to contain the incident also needs to be determined.

Thirdly, after the incident has been contained, the threat must be removed. This could be as simple as removing the virus or mitigating exploited vulnerabilities.

Fourthly, restore data from a backup or re-image a system. Backups should occur frequently; how frequently will vary depending on the size of the business. It is important to test the backups to guarantee that they will work in an emergency. Ensure that backups are stored in a fireproof and water-resistant security box or safe. Using a cloud storage system is another option to back up data remotely.

Finally, learn from the incident to improve upon the current systems and procedures put in place. A report describing all of the above should also be written at this stage.

Following the basics, such as updating software and using strong, complex passwords instead of default passwords, will also help to deter attacks.

The aim of computer incident handling should be to minimise the effect any disruption could cause, including loss or theft of information or disruption of services.

For more information and support about this matter, please contact us: [email protected]